An Attack Possibility on Time Synchronization Protocols Secured with TESLA-Like Mechanisms

In network-based broadcast time synchronization, an important security goal is integrity protection linked with source authentication. One technique frequently used to achieve this goal is to secure the communication by means of the TESLA protocol or one of its variants. This paper presents an attack vector usable for time synchronization protocols that protect their broadcast or multicast messages in this manner. The underlying vulnerability results from interactions between timing and security that occur specifically for such protocols. We propose possible countermeasures and evaluate their respective advantages. Furthermore, we discuss our use of the UPPAAL model checker for security analysis and quantification with regard to the attack and countermeasures described, and report on the results obtained. Lastly, we review the susceptibility of three existing cryptographically protected time synchronization protocols to the attack vector discovered.
